@AnujRNair AnujRNair commented Dec 19, 2018

Summary

Previously, we added functionality to not generate hashes if unsafe-inline was specifically added to a policy by a developer; however, this breaks CSP backwards compatibility with older browsers.

According to MDN:

Specifying nonce makes a modern browser ignore 'unsafe-inline' which could still be set for older browsers without nonce support

The same applies to hashes.

This PR adds a new config option (devAllowUnsafe) to allow the developer to stop inline hash processing if set. Otherwise, a policy will be created with both unsafe-inline and inline script hashes.


Anuj Nair added 2 commits December 19, 2018 11:25
codecov bot commented Dec 19, 2018

Codecov Report

Merging #22 into master will increase coverage by 0.09%.
The diff coverage is 100%.


@@ Coverage Diff @@
##           master      #22      +/-   ##
==========================================
+ Coverage   98.79%   98.88%   +0.09%
==========================================
  Files           2        2
  Lines         166      180      +14
  Branches        9       12       +3
==========================================
+ Hits          164      178      +14
  Misses          2        2

Impacted Files          Coverage Δ
spec/plugin.spec.js     100% <100%> (ø) ⬆️
plugin.js               96.92% <100%> (+0.14%) ⬆️

Last update a081bc2...75a9a83.

@AnujRNair AnujRNair merged commit 1cedba7 into master Dec 19, 2018
@AnujRNair AnujRNair deleted the an-option-for-disabling-unsafe-inline branch December 19, 2018 19:47